SkillHub

secure-shopper

v0.1.0

Asynchronous shopping research + checkout using secure-autofill (1Password-backed browser filling) with results recorded to workspace artifacts.

Sourced from ClawHub, Authored by Zhihao

Installation

Please help me install the skill `secure-shopper` from SkillHub official store. npx skills add moodykong/secure-shopper

secure-shopper 🛒

Find items across one or more shopping sites, summarize candidates, and (optionally) place the order using secure-autofill.

This skill is asynchronous: spawn a sub-agent for browsing so the main chat stays responsive.

Prerequisites

Required skills / plugin

  • The secure-autofill skill exists at: ~/.openclaw/skills/secure-autofill/
  • The secure-autofill plugin tools are available:
  • vault_suggest
  • vault_fill

Inherit secure-autofill prerequisites

  • A working non-headless Chrome (many shops block headless)
  • Gateway environment has required env vars (per secure-autofill)

Concrete check:

command -v google-chrome || command -v google-chrome-stable

Configuration (portable)

Skill-local config files:

  • Example (shareable, do not edit): ~/.openclaw/skills/secure-shopper/config.json.example
  • Real (machine-specific, written by onboarding): ~/.openclaw/skills/secure-shopper/config.json

Config keys:

  • goToSites[]: list of default shopping sites (e.g. Amazon, Walmart)
  • location.zip or location.address: used for shipping/availability context
  • preferences.priority: one of:
  • relevancy
  • cheaper
  • faster
  • reviews
  • preferences.maxCandidatesPerSite: cap per site (default 5)
  • preferences.safeBrowsing: guardrails to avoid oversized pages / context overflow (applies to all sites)
  • startFromSearch: true|false (default true) — prefer a site’s search results page over the homepage/product pages
  • maxCandidatesPerPass: number (default 3) — extract a few items at a time (then paginate/scroll)
  • snapshot: limits for browser.snapshot
    • compact: boolean (default true)
    • depth: number (default 6)
    • maxChars: number (default 12000)
  • fallback: what to do on context_length_exceeded
    • retryWithTighterSnapshot: boolean (default true)
    • switchToSearchUrl: boolean (default true)

Initialization / installation / onboarding

Preferred (chat-first)

Ask Boss and then write config.json:

1) Go-to shopping website(s) - Examples: Amazon, Walmart, Target - Store into goToSites[]

2) Zip code OR proximity address - Store into location.zip and/or location.address

3) Preferences - Ask for priority: relevancy vs cheaper vs faster delivery vs higher review scores - Store into preferences.priority (+ optional notes)

After collecting answers, update the real config file.

Optional helper (terminal):

node ~/.openclaw/skills/secure-shopper/scripts/onboard.mjs 
  --sites 'Amazon=https://www.amazon.com|Walmart=https://www.walmart.com' 
  --zip 46202 
  --priority cheaper

How it works (agent behavior contract)

0) Require a shopping description

The user must provide a description of their shopping task.

  • If they didn’t: stop and ask for it.

1) Honor runtime user prompts

Runtime user instructions (the user’s message for this run) override stored config.

Examples of runtime overrides:

  • “Use Target instead of Amazon.”
  • “Only show Prime-eligible.”
  • “Budget under $50.”

2) Login via secure-autofill (skip if already logged in)

  • Use the configured go-to sites, unless the runtime prompt specifies a site.
  • If the site session appears already authenticated: skip login.
  • Otherwise, use secure-autofill login flow:
  • browser.snapshot to get refs
  • vault_suggest/vault_fill to fill credentials

3) Make the browsing asynchronous

Immediately after accepting the task, respond with something like:

I’m en route to the stores. I’ll notify you when I find the best matches.

Then spawn a sub-agent so the main session is not interrupted.

Implementation note:

  • Use sessions_spawn with a task that includes the shopping description and any runtime overrides.

4) Browse + identify candidates

The sub-agent browses each chosen site, searches, filters, and identifies candidates that fit the user description.

Context-safe browsing (ALL shopping sites)

Many shopping sites can produce extremely large pages/snapshots. To avoid context_length_exceeded failures:

  • Prefer starting from a search results URL (or the site’s search box) rather than the homepage.
  • Use small snapshots:
  • browser.snapshot(..., compact=true)
  • keep depth modest (e.g., 4–8)
  • set maxChars and/or target a specific container when possible
  • Extract incrementally:
  • grab top ~3 candidates, record them, then paginate/scroll and repeat until maxCandidatesPerSite is met
  • If a snapshot still overflows:
  • retry with a tighter snapshot (smaller depth / smaller region)
  • switch to a search URL (/search?q=...) and re-extract
  • Do not “reason through” massive dumps. If the page is huge, reduce the page slice first.

Record results to:

/home/miles/.openclaw/workspace/artifacts/secure_shopping/{timestamp}_shopping_task.json

JSON requirements:

  • Record:
  • userPrompt (shopping description)
  • startTime
  • endTime
  • phase (required):
    • candidates_found | awaiting_accept_deny | awaiting_checkout_confirm | ordered
  • candidates[]
  • Candidates for the same request must live under the same parent task.
  • Each candidate must include:
  • price (string)
  • reviewScore (string/number)
  • url
  • verdict (short)
  • status: pending | accepted | denied | shopped

Suggested candidate shape:

{
  "site": "Amazon",
  "title": "...",
  "price": "$39.99",
  "reviewScore": "4.6 (12,345)",
  "url": "https://...",
  "verdict": "Best value under $50; good reviews; ships tomorrow",
  "status": "pending"
}

Helper module (optional): scripts/task_io.mjs.

5) Notify user + REQUIRE accept/deny (hard gate)

When browsing is done, you must:

1) Set JSON phase = "awaiting_accept_deny". 2) Translate the JSON into a human-friendly summary. 3) In the same message, require an ACCEPT/DENY decision. Do not end the turn without the prompt.

Mandatory message template (copy this structure):

  • Recommended pick: — <price> — <reviewScore> — <1-line why></li> <li><strong>Other options:</strong> (optional, 1–5 bullets)</li> <li><strong>Choose:</strong> Reply with <code>A=accept/deny, B=accept/deny, ...</code> (or “Accept A” / “Deny B”).</li> <li><strong>Next step:</strong> “If you accept one: do you want me to checkout, or stop at ready-to-buy?”</li> </ul> <p>Hard rule: - If you listed candidates/links but did not include an explicit <strong>Choose (ACCEPT/DENY)</strong> line, the output is invalid and must be rewritten before sending.</p> <h3 id="6-apply-acceptdeny-updates">6) Apply accept/deny updates</h3> <p>Once the user replies:</p> <ul> <li>Update each candidate <code>status</code> to <code>accepted</code> or <code>denied</code>.</li> <li>Confirm the accepted candidate(s).</li> <li>Set JSON <code>phase</code>:</li> <li><code>awaiting_checkout_confirm</code> if at least one is accepted and checkout is not yet confirmed</li> <li>keep <code>awaiting_accept_deny</code> if the user’s response is ambiguous / incomplete</li> </ul> <h3 id="7-checkout-only-after-explicit-confirmation">7) Checkout (only after explicit confirmation)</h3> <p>Before you click any “Place order” / “Submit” equivalent:</p> <ul> <li>Ask for a clear confirmation like: <strong>“Confirm checkout for A? (yes/no)”</strong></li> <li>Set JSON <code>phase = "awaiting_checkout_confirm"</code> until confirmed.</li> </ul> <p>If the user confirms checkout:</p> <ul> <li>Navigate to the accepted candidate’s URL</li> <li>Add to cart / proceed to checkout</li> <li>Use <strong>secure-autofill</strong> to input payment/shipping info and submit</li> </ul> <p>If secure-autofill reports an error:</p> <ul> <li>Do not guess.</li> <li>Pass the error back to the user.</li> </ul> <h3 id="8-mark-as-shopped">8) Mark as shopped</h3> <p>If the order is successfully placed:</p> <ul> <li>update that candidate’s <code>status</code> to <code>shopped</code></li> <li>set JSON <code>phase = "ordered"</code></li> </ul> <h2 id="notes-guardrails">Notes / guardrails</h2> <ul> <li>Never paste secrets.</li> <li>Checkout flows often require MFA / SMS verification; ask the user when needed.</li> <li>Prefer fewer high-quality candidates over a long list.</li> </ul> </div> </div> <!-- Right: Sidebar --> <aside class="space-y-6"> <!-- Popularity --> <div class="bg-gray-900 border border-gray-800 rounded-2xl p-6 shadow-sm"> <h3 class="text-[10px] font-black text-gray-500 uppercase tracking-widest mb-5">Popularity</h3> <div class="flex items-end gap-2 mb-6"> <span class="text-4xl font-black text-white leading-none">1</span> <span class="text-gray-500 text-[10px] font-bold uppercase mb-1">Stars</span> </div> <div class="grid grid-cols-2 gap-3 mb-6"> <div class="bg-gray-950 p-4 rounded-xl border border-gray-800 text-center"> <div class="text-gray-600 text-[10px] font-bold uppercase mb-1">DLs</div> <div class="text-white font-bold text-base">329</div> </div> <div class="bg-gray-950 p-4 rounded-xl border border-gray-800 text-center"> <div class="text-gray-600 text-[10px] font-bold uppercase mb-1">Installs</div> <div class="text-white font-bold text-base">0</div> </div> </div> <!-- View Repository: 恢复原文字,去掉图标,保持深色紧凑风格 --> <a href="https://clawhub.ai/moodykong/secure-shopper" target="_blank" class="block text-center border border-gray-700 bg-gray-800 text-gray-200 py-3 rounded-xl font-bold hover:bg-gray-700 transition-all uppercase text-[10px] tracking-widest"> View Repository </a> </div> <!-- AI Security --> <div class="bg-gray-900 border border-gray-800 rounded-2xl p-6 relative overflow-hidden"> <div class="absolute -top-10 -right-10 w-24 h-24 bg-yellow-500/10 rounded-full blur-2xl opacity-40"></div> <h3 class="text-[10px] font-black text-gray-500 uppercase tracking-widest mb-5 relative z-10">AI Security</h3> <div class="flex items-center gap-5 relative z-10"> <div class="w-14 h-14 rounded-full border-2 border-yellow-500 flex items-center justify-center text-yellow-500 text-xl font-black bg-gray-950 shadow-inner">85</div> <div class="flex-1"> <div class="text-white font-bold text-xs uppercase tracking-tight">None</div> <div class="text-[9px] text-gray-600 italic">Audited by AI Guard</div> </div> </div> </div> <!-- Download --> <a href="https://wry-manatee-359.convex.site/api/v1/download?slug=secure-shopper" class="flex items-center justify-center gap-2 w-full border border-blue-500/40 text-blue-400 py-3.5 rounded-xl font-bold hover:bg-blue-500/10 transition-all uppercase text-[10px] tracking-widest"> <i class="fa-solid fa-cloud-arrow-down"></i> Download ZIP </a> </aside> </div> </main> <!-- Footer --> <footer class="border-t border-gray-800 bg-gray-950 mt-20 py-12 text-center"> <div class="container mx-auto px-4"> <div class="flex justify-center gap-6 mb-6 text-gray-500"> <a href="#" class="hover:text-white transition-colors text-lg"><i class="fa-brands fa-discord"></i></a> <a href="#" class="hover:text-white transition-colors text-lg"><i class="fa-brands fa-x-twitter"></i></a> </div> <p class="text-gray-500 text-[10px] font-bold uppercase tracking-widest mb-2">© 2026 AI Skills Hub</p> <p class="text-gray-700 text-[9px] uppercase tracking-[0.2em]">Verified Metadata Repository</p> </div> </footer> </body> </html>